Russian Website Hacking Into Canadian Internet-Connected Video Devices

December 20, 2017
You may have heard that there is a Russian website hacking security camera feeds from thousands of Canadian internet-connected video devices (cameras and DVRs). If you haven’t read about this yet, you can find out more here.

As a cloud-based security company, we've been contacted by several of our customers asking whether their systems are impacted. We've put together this informational blog post to help both customers and non-customers who may have been impacted understand the issue.

A Quick Summary

If you're using Solink, you do not have to worry about this security breach; you're fully protected. You can continue to use Solink on-site or remotely using your computer or mobile devices.

If you use a different security system, read on and find out what you should do and how Solink can help.

The First Question You Probably Have is “Am I at Risk Using Solink?”

The simple answer is no.

We take cyber-security very seriously at Solink, and we work hard to mitigate and eliminate any possible risks to our customers. We constantly and proactively monitor security publications to flag vulnerabilities as they are identified. Solink will proactively patch any security issues that arise, and we monitor usage and activity on your device(s) for abnormal behavior (like unauthorized pinging). Finally, all communication is fully encrypted and can be configured to be outbound only; that is, there are no inbound ports that can be scanned from the internet.

Your Second Question is Likely “What do I Need to Know About Camera Security?”

  1. Traditional security cameras and DVRs were designed to be used on-premise by a user on the same network.
  2. When the need came to view these same cameras remotely, traditional security vendors solved the problem in one of two ways. They either:
    1. used third-party remote access software (like TeamViewer or VNC); or
    2. made that device available on the public internet.

Vendors using third-party software are at the mercy of the security settings used by the licensed product. If that product gets compromised, then the DVR/camera vendor will inadvertently be exposed by the breach. The best defence is to keep your product up to date and patched regularly for security fixes.

If your DVR vendor is asking you to open ports on your router, be aware that you are opening up this device to the internet. It will likely be scanned, and access to it will be attempted repeatedly.

Traditional DVR vendors often ship generic usernames and passwords meant for easy installation, and users often forget to change and manage these credentials properly. The key is to ensure that proper passwords and authentication are used.

Finally, You’re Thinking “That’s Helpful but What Should I Do?”

Again, if you have Solink, your device is up to date and protected; there is nothing for you to do.

If you use another system at some or all of your stores, you can use these common “best practices” to improve your cyber security:

  1. Change all your passwords to be 9-12 characters with lower-case, upper-case, numerical and special characters (i.e., !@$%^&*+).
  2. Make sure you have a unique password for devices that are publicly exposed to the internet.
  3. Have your network administrator update and patch the security settings of your device regularly.
  4. For added security, you can ask your network administrator to place your device on its own VLAN so that, should an intruder get access to your device, it will be cordoned off from the rest of your network. (NOTE that TDL Helpdesk has already architected the network with VLAN for all DVRs on the corporate network.)
  5. Contact your DVR vendor to request a patch if there is a security compromise in the software.

In Conclusion

We take care of all customers, both current and future, so if you would like some help, we'd be happy to perform a generic vulnerability test on your store.

Simply fill out this form here and we’ll reach out to perform a free review of your system.
